This disclosure relates generally to the field of malware detection. More particularly, but not by way of limitation, it relates to techniques for using reputation for determining whether to allow traversal of a hyperlink embedded in an email.
Anti-malware systems have provided email gateways to perform checks on email before delivery to an email client and web gateways to perform checks on Uniform Resource Locators (URLs) before allowing traversal of a hyperlink. Such checks often consider a reputation of the email or the URL. Reputation is a concept used to determine the validity of an email or a URL based on information collected from global sources. The reputation of an email or a URL is not fixed, and can change over time based on data collected from global sources. A weakness exists in current anti-malware systems that may allow a phishing or otherwise unwanted email through to a recipient because the services used by the email gateway to determine email reputation does not yet have enough knowledge of a particular host or content. The email recipient may then click on a hyperlink within the message, but the hyperlink alone does not have enough reputation information associated with it to prevent traversal of the hyperlink.